From: John Johansen
Subject: AppArmor: Patch AppArmor for 2.6.25 kernel
Add 64 bit capabilities support to AppArmor.
Signed-off-by: John Johansen
---
 security/apparmor/module_interface.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)
--- a/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -395,15 +395,29 @@ static struct aa_profile *aa_unpack_prof
 if (!aa_is_nameX(e, AA_STRUCTEND, NULL))
 goto fail;
- if (!aa_is_u32(e, &(profile->capabilities), NULL))
+ if (!aa_is_u32(e, &(profile->capabilities.cap[0]), NULL))
 goto fail;
- if (!aa_is_u32(e, &(profile->audit_caps), NULL))
+ if (!aa_is_u32(e, &(profile->audit_caps.cap[0]), NULL))
 goto fail;
- if (!aa_is_u32(e, &(profile->quiet_caps), NULL))
+ if (!aa_is_u32(e, &(profile->quiet_caps.cap[0]), NULL))
 goto fail;
- if (!aa_is_u32(e, &(profile->set_caps), NULL))
+ if (!aa_is_u32(e, &(profile->set_caps.cap[0]), NULL))
 goto fail;
+ if (aa_is_nameX(e, AA_STRUCT, "caps64")) {
+ /* optional upper half of 64 bit caps */
+ if (!aa_is_u32(e, &(profile->capabilities.cap[1]), NULL))
+ goto fail;
+ if (!aa_is_u32(e, &(profile->audit_caps.cap[1]), NULL))
+ goto fail;
+ if (!aa_is_u32(e, &(profile->quiet_caps.cap[1]), NULL))
+ goto fail;
+ if (!aa_is_u32(e, &(profile->set_caps.cap[1]), NULL))
+ goto fail;
+ if (!aa_is_nameX(e, AA_STRUCTEND, NULL))
+ goto fail;
+ }
+
 if (!aa_unpack_rlimits(e, profile))
 goto fail;
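Review bot: When the optional "caps64" struct is absent, nothing in this hunk writes `cap[1]` of `capabilities`, `audit_caps`, `quiet_caps` or `set_caps`, so the upper 32 capability bits depend entirely on how the profile was allocated, which is not visible here. If that allocation is not guaranteed to be zeroed, a policy blob in the older 32-bit format could leave stale bits in the permitted or `set_caps` masks; either clear the four words in the absent case or state the assumption in the comment, e.g. `/* optional upper half of 64 bit caps; if absent, cap[1] stays 0 from profile allocation */`. The direct `cap[1]` index also presumes the capability set holds at least two 32-bit words in every build configuration, which is worth confirming against the capability header. The enclosing function starts and ends outside the hunk.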